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(54) Method for accessing a user operable device of controlled access 



(57) Method for accessing a user operable device 
having a limited access ability by a user. Therefore a 
user transmits an inquiry using a mobile device via a 
wide area transmission network to a key authority. The 



key authority retransmits an electronic access key. This 
access key is stored in the mobile device and later trans- 
mitted to a controller unit controlling the access the user 
operable device allowing the user to operate on it. 
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Description 

[0001] The present invention relates to a method for 
accessing a user operable device of controlled access. 
In particular, the invention relates to a method for ac- 
cessing a user operable device of controlled access se- 
cured by an electronic key which can be assigned by 
radio link. 

[0002] Traditionally, the access to several devices, 
particularly devices which can be rented, is often limited 
by time restraints due to the fact, that for example a real 
key must be handed over to the user wanting to rent this 
device. Therefore, local agencies have to be main- 
tained, which are cost-intensive. To operate such serv- 
ices from a central office without local agencies it is nec- 
essary to organize the rental process without handing 
over physical objects such as a real key. 
[0003] The object of the present invention is to provide 
a method for accessing a user operable device having 
a limited accessibility by a user. 
[0004] A further object of the present invention is to 
provide a mobile device used to request access to the 
user operable device granted by a key authority for per- 
mitting access and used to transmit the permission of 
access to a controller unit controlling the access to the 
user operable device. 

[0005] A further object of the present invention is to 
provide a controller unit in order to control the access to 
the user operable device of limited access. 
[0006] The object of the present invention is solved 
by claim 1 . In accordance with the present invention 
there is provided a method for accessing a user opera- 
ble device of a limited accessibility by a user comprising 
transmitting an inquiry from a mobile device of said user 
to a key authority via a wide area transmission network 
in order to obtain an access key for accessing functions 
of a controller unit of said user operable device, verifying 
said inquiry by said key authority, assigning said access 
key by said key authority, transmitting said access key 
via a wide area transmission network to said mobile de- 
vice, storing said access key in said mobile device, 
transmitting said access key form said mobile device to 
said controller unit via a local area transmission net- 
work, validating said access key and granting access to 
said user operable device. 

The solution of the object is attained by the possibility 
of using an electronic key to operate devices. Thus, 
granting access to these devices can be done without 
any physical contact. Therefore, the presented method 
comprises an inquiry step in which the user defines the 
device desired to operate on and the conditions under 
which the device shall be operated via a wide area trans- 
mission network using a mobile device. A key authority 
verifies this inquiry. When permission of usage can be 
given to the user an access key is transmitted via a wide 
area transmission network to the mobile device. The 
mobile device has the possibility to store this access key 
for later usage. When desired by the user the access 



key is transmitted via a local area transmission network 
to a controller unit controlling the user operable device 
which was determined by the user's inquiry. The con- 
troller unit validates the access key and grants access 

s to the user operable device. 

[0007] Preferably, the method comprises a step of 
transmitting information back concerning the validity of 
the access key via the local area transmission network 
to the mobile device of the user in order to inform the 

w user about the granting process and conditions includ- 
ing for example a confirmation of validity, a validity time 
of the access key and a number of possible accesses. 
Additionally, the transmission back can also include in- 
formation concerning the operable functions which are 

15 accessible by the user. This is an important information 
since not all devices controlled by the controller unit 
need to be user operable. 

[0008] Conveniently, the inquiry step of the method 
according to the present invention can include several 

20 transmissions and retransmissions of additional data. 
For example, additional data including offers made by 
key authority according to a first inquiry of the user, a 
selection of offers by the user and also information about 
the conditions under which assigning of the access key 

25 is possible. If the user desires to use a kind of device 
without defining the exact type, the key authority is able 
to transmit an information about several operable devic- 
es according to the type defined by the user's inquiry. 
For example, if the user desires to rent a car, the car 

30 rental can offer him different cars and additionally differ- 
ent built-in equipment like a mobile phone. The user se- 
lects an offer transmitted to the key authority which re- 
lates to the car rental in this case. 
[0009] Preferably, the user transmits a desired period 

35 of time defining the period of validity of the access key. 
In case of the car rental examples, usually the user de- 
fines the number of days for using the car. 
[0010] A preferable embodiment includes transmit- 
ting and verifying identification data of the user. Addi- 

40 tionally, payment information are also transmitted and 
verified. Payment information can be credit card infor- 
mation or bank account information. 
[0011] Conveniently, the key authority is a service 
provider. Additionally, the key authority is a call center. 

45 Preferably, the key authority is a WEB server accessed 
via a WEB page or the key authority is a WAP server 
accessed via a WAP page. 

[001 2] A controller unit can control the access to sev- 
eral functions of the user operable device. Due to this it 

so is necessary to provide selective access to single user 
operable functions of the device which can be per- 
formed using different access keys for the different user 
operable functions. Additionally, the user operable func- 
tions are sorted in a hierarchical structure. The position 

55 in the hierarchical structure can be obtained and defined 
by the kind of function, the importance, the access se- 
curity level and the like of the operable device. Accord- 
ing to the hierarchical structure of the operable devices 
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it is possible to define a corresponding access key struc- 
ture. This means that a level is assigned to each access 
key and an access key of a certain level includes the 
accessibility to all user operable devices of correspond- 
ing access keys with lower key levels. This kind of ac- 
cess can be interesting for maintenance of devices. 
Therefore, access keys can be provided for example by 
the manufacturer or any other service provider offering 
maintenance services. 

[0013] A possible implementation of a hierarchical ac- 
cess key structure is providing keys for towing service. 
In case of a brake down of a car the owner has to call 
the towing service and has to wait until the car is brought 
for example to a parking area of a garage. A lot of time 
gets lost. In order to shorten the time spent by the user 
for the towing process it is possible according to the 
method of the present invention to submit an access key 
to the towing service enabling to open the car, switch on 
electrical devices like lights, flash lights and the electri- 
cal system of the car but not to start the engine of the 
car, use the built-in devices like mobile phone or open 
the boot of the car. The submitted access key shall only 
allow the towing service provider to tow the car to a ga- 
rage and therefor needed functions of the car are al- 
lowed to use. Later an other access key of an higher 
level can be provided by the owner to the garage to 
make it possible for the mechanics to use the same func- 
tions like the towing service and additionally to operate 
on the electrical system of the car like reading out man- 
agement data, status data, error messages of the en- 
gine or programming the management system. Even 
the higher level access key provided to the garage must 
not allow the usage of built-in devices like a mobile 
phone. 

The different access key need not be provided by the 
owner of the car himself. It is possible that the owner of 
the car uses the service of a key authority providing the 
different access key to the towing service or the garage 
according to the method of the resent invention. 
[0014] Another implementation of a hierarchical ac- 
cess key structure is providing key for access to termi- 
nals. Computer access is a typical system using access 
keys of a hierarchical structure. A local terminal is 
equipped with a Bluetooth receiver. To gain access to 
the terminal an access key according to the method of 
the present invention is transmitted to the receiver log- 
ging on the user of the mobile device. According to the 
permission of the user different access levels of the 
computer terminal are granted to the user. 
[0015] Preferably, a device identification of the user 
operable device is co-coded in the access key to provide 
the access to a defined device. Additionally, a period of 
validity of a total access period is co-coded. To increase 
the security of the access process a period of validity of 
a first access can conveniently be also co-coded. And 
the possibility of co-coding the number of access pro- 
cedures is also provided. 

[001 6] Additionally, validating of the access key by the 



controller unit can be performed by comparing with a 
validation key generated by the controller unit. The gen- 
eration of a key comprises several additional parame- 
ters according to the fact that the access key can include 

5 co-coded information such as period of validity, number 
of accesses. These additional parameters have to be 
provided to the generation process. 
[0017] Preferably, instead of comparing the access 
key with a generated key a reference key can be used 

10 which is transmitted to the controller unit via an inter- 
face. The usage of a reference key for the validation step 
is more reliable since a generation method of a key can 
be revealed or discovered and therefore the key author- 
ity can be bypassed. Conveniently, the reference key is 

is stored in the controller unit. 

[001 8] To use a stored key to compare with the access 
key is a further preferable method to validate the access 
key. Particularly, the latter method is useful when keys 
for maintenance access shall be provided. It is obviously 
20 possible to delete stored keys in order to prevent further 
usage of a certain access key. 

The possibility of transmitting a key to be stored in the 
controller unit for example offers the opportunity to an 
owner of a car to provide an access key to a second 
25 person for using his car. In this case the owner of the 
car is the key authority who receives the inquiry, verifies 
the information provided by the inquiry step and trans- 
mits the access key to grant access to his car to a sec- 
ond person. 

30 [0019] Additionally, the reference key transmitted via 
the interface unit or a stored key need not to be used 
directly in the validating step. It is also possible to use 
the reference key or the stored key as part of the data 
used for generating the validating key. 

35 [0020] In order to prevent misappropriation and mis- 
use of the access key all transmission steps are secured 
by using encrypted transmission. Additionally, encrypt- 
ed transmission used for the inquiry step can also en- 
hance the security of the method particularly when user 

40 identification or payment data are transmitted. 

[0021] Preferably, the local area transmission net- 
work is a low power radio frequency network. Conven- 
iently, the local area transmission network may be a ra- 
dio frequency network according to e.g. the Bluetooth 

*3 standard. Alternatively, the local area transmission net- 
work may be an infrared transmission network. 
[0022] Preferably, the wide area transmission net- 
work is a network for mobile transmission and commu- 
nication such as GSM, UMTS or the like. Conveniently, 

50 the wide area transmission network is a cellular network 
for mobile communication. Specifically, the wide area 
transmission network is a mobile data transmission and 
communication network according to the GSM stand- 
ard. More specifically, the wide area transmission net- 

55 work is a mobile data transmission and communication 
network according to the WCDMA standard. Most pref- 
erably, the wide area transmission network is a mobile 
data transmission and communication network accord- 
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ing to UTMS standard. 

[0023] Additionally, the access key is transmitted via 
a message according to e.g. the SMS standard included 
in the GSM standard. 

[0024] The present invention further comprises a mo- 
bile device according to the above discussed method. 
This mobile device comprises the following means in or- 
der to fulfil the demands defined by the method of the 
present invention : a unit for inputting inquiry data to be 
transmitted to the key authority, a unit for transmitting 
the inquiry data via the wide area transmission network, 
a unit for receiving the access key, a unit for storing the 
access key and a unit for transmitting the access key to 
the controller unit. 

[0025] According to the above explained method the 
mobile device can additionally comprise a unit for re- 
ceiving information concerning the validity of the access 
key or the operable functions which are accessible by 
the user. 

[0026] Preferably, to secure the access granted to the 
user by the key authority a re-coding of the access key 
is performed using information or data only accessible 
by the mobile device or the user thereof, wherein the 
data can be a PIN code only known by the user or a 
unique built-in mobile device identification. 
[0027] Conveniently, a WEB client or a WAP client can 
be included in the mobile device. 
[0028] The present invention further comprises a con- 
troller unit for usage in a method according to any one 
of the preceding claims and connectable to a user op- 
erable device comprising a unit for receiving an access 
key via a local area transmission network, a unit for stor- 
ing the access key, a unit for validating the access key 
and means for controlling functions of the user operable 
device. 

[0029] According to the above described method the 
controller unit can additionally comprise a unit for gen- 
erating a validation key. Preferably, the controller unit 
comprises a unit for storing a key or several keys. 
Conveniently, the controller unit comprises a unit for re- 
transmitting information concerning the validity of the 
access key or the operable functions which are acces- 
sible by the user. 

[0030] Preferably, the controller unit comprises an in- 
terface unit. This interface unit can be connected to an 
authorized device or an authorized instant. The con- 
necting of the interface unit to an authorized device can 
be done using a common communication standard 
based on methods using wire for communication or 
wireless communication. More preferably, the interface 
unit uses a wide area communication network such as 
defined above. Additionally, the interface unit can also 
use a local area communication network defined above. 
[0031] When using co-coded access keys additional 
units may be necessary to gain the additional data for 
generating the according validation key or for validating 
the co-coded information of the access key. These units 
could be units providing a clock signal for checking a 



6 

period of time, device identification, for example the type 
of a unique number, a position signal e.g. a GPS signal 
or signals generated by the user operable device like 
notifying failure, misoperation or maintenance require- 
5 ment. 

[0032] The method according to the present invention 
provides a secure method to offer and to control access 
to user operable devices using a electronic key. The 
electronic key is provided by a key authority. In order to 
10 get a granted access to a desired user operable device 
an inquiry has to be transmitted by the user to the key 
authority including all necessary data and information. 
The electronic key is transmitted to a mobile device of 
the user used before to transmit the inquiry. The elec- 
ts tronic key allows the user to get access to the user op- 
erable device which is controlled by a controller unit. 
[0033] The present invention is described with re- 
spect to particular exemplary embodiments thereof and 
reference is accordingly made to the drawings in which: 

20 

Fig, 1 illustrates schematically the sequence of infor- 
mation transmitted according to the method of 
the present invention, 

Fig. 2 shows a set of possible units included in a pref- 
25 erable embodiment of the controller unit, 

Fig. 3 illustrates the method of the present invention 
taking a procedure of a rental of a car as ex- 
ample. 

30 [0034] Fig. 1 illustrates schematically the sequence of 
information transmitted according to the method of the 
present invention as also devices and units involved and 
visible for the user. 

[0035] The first step of the method referenced as in- 

35 quiry 1 1 comprises at least one inquiry to operate a cer- 
tain device 1 ,2,3 or n. Commonly, the inquiry includes 
several transmissions and retransmission 11, 12. The 
key authority 12 is accessed via a wide area transmis- 
sion network, particularly a GSM cellular network. Infor- 

40 mation about the user identification and payment data 
have to be verified. A positive verification leads to the 
transmission 13 of the access key of the user operable 
device to the mobile device which is stored in said mo- 
bile device. The access key stored in the mobile device 

45 and information about the user operable device trans- 
mitted from the key authority enables the user to identify 
the assigned user operable device. The transmission of 
the access key to the controller unit via a local area 
transmission network, like Bluetooth, allows the user to 

so operate on a single or several devices controlled by the 
controller unit under the conditions co-coded in the ac- 
cess key. 

[0036] Fig. 2 shows a set of possible units included in 
a preferred embodiment of the controller unit. Validating 
55 of the access key comprises several steps and can be 
carried out in different ways. Following reference num- 
bers 21 to 24, shown in Fig. 2, the access key is trans- 
mitted 21 from the mobile device via a local area trans- 
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mission network to a receiver unit of the controller unit. 
If necessary, the access key can be stored in an access 
key buffer or passed directly 22 to the validation unit. 
The access key is validated thereon. A positive valida- 
tion is passed 23 to a controlling unit responsible for con- 
trolling the user operable devices. The user operable 
devices are controlled via a controlling bus 24. 
[0037] A co-coded period of validity in the access key 
has to be extracted 25 and monitored 26. When the pe- 
riod is run out the permission of usage expires and the 
user operable devices are no longer accessible. 
[0038] There are different ways conceivable to vali- 
date the access key. The embodiment according to Fig. 
2 shall describe different ways without limiting the vali- 
dation process illustrated by using different line styles. 
[0039] The validation of the access key is often done 
by comparing the transmitted access key with a valida- 
tion key generated within the controller unit (follow ref- 
erence numbers 30 to 32 shown in Fig. 2). To generate 
the validation key parameters like at (east the device 
identification data have to be passed 30 to the validation 
key generator. The generated validation key is finally 
passed 23 to the validation unit. 
[0040] Alternatively, a validation key can also passed 
33 from a permanent or programmable key storage to 
the validation unit. Preferably, the key storage compris- 
es a storage of data used 34 as additional parameters 
for the key generation. Additionally, an interface can pro- 
vide access to the validating unit by providing a refer- 
ence key in order to be compared with the access key. 
This reference key can also be stored 41 in the key stor- 
age or be used as parameter in the key generation com- 
parable to a stored key. Such an access to the interface 
has to be controlled strictly since keys used in the vali- 
dation step can be transmitted to the controller unit in 
order to overcome the key authority. However, if the in- 
terface is connected to a transmission network 40 pro- 
viding access to the key authority the key authority, is 
able not only to transmit the access key to the user but 
also the corresponding reference key or part of the key 
to be generated in order to enhance the security of the 
method. Due to the additional transmission of data to 
the controller unit users are not able to pass the key gen- 
eration since they lack important data. 
[0041] Fig. 3 shows a possible course of a car rental 
process using the method according to the present in- 
vention. In a first step the users sends a first transmis- 
sion for inquiry of a car to a car rental. The car rental 
responds to the request of the user offering several pos- 
sible cars of different type, model and equipment. The 
user selects a car and desired additional equipment, de- 
fines the period of validity and transmits this information 
to the car rental. Subsequently the car rental transmits 
a request to the user to send an identification and infor- 
mation concerning the payment. This request has also 
to be answered by transmitting an identification number 
of the passport and credit card data to the car rental. All 
these data have to be verified by the key authority before 



an access key can be granted to the user. 
A positive verification of the information given by the us- 
er leads to a transmission of an access key and addi- 
tional information about the car like car number and 
parking lot number. The access key is stored in the mo- 
bile device. When the user wishes to get access to the 
car, he transmits the stored access key to the car. The 
access key can also enable the access to additional 
equipment of the car like a built-in mobile phone. 



10 



Claims 

1 . A method for accessing a user operable device hav- 
13 Ing a limited accessibility by a user comprising the 
following steps: 



20 



25 



30 



40 



45 



50 



transmitting an inquiry from a mobile device of 
said user to a key authority via a wide area 
transmission network in order to obtain an ac- 
cess key for accessing functions of a controller 
unit of said user operable device, 
verifying said inquiry by said key authority, 
assigning said access key by said key authority, 
transmitting said access key via a wide area 
transmission network to said mobile device, 
storing said access key in said mobile device, 
transmitting said access key via a local area 
transmission network to said controller unit, 
validating said access key in said controller 
unit, 

- granting access to said user operated device. 

2. A method according to claim 1 , wherein said con- 
troller unit transmits information back concerning 
the validity of said access key via said local area 
transmission network to said mobile device. 

3. A method according to any of the preceding claims, 
wherein said controller unit transmits information 
back concerning operable functions which are ac- 
cessible by said user. 

4. A method according to any of the preceding claims, 
wherein said inquiry to said key authority includes 
several transmitting and retransmitting processes. 

5. A method according to any of the preceding claims, 
wherein said inquiry to said key authority includes 
transmitting a desired period of time defining the pe- 
riod of validity of said access key. 

6. A method according to any one of the preceding 
claims, wherein said inquiry to said key authority in- 
cludes transmitting and verifying identification data 
of said user 

7. A method according to any one of the preceding 
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claims, wherein said inquiry to said key authority in- 
cludes transmitting and verifying payment informa- 
tion. 

8. A method access according to any of the preceding 
claims, wherein said inquiry to said key authority in- 
cludes transmitting and verifying credit card data. 

9. A method access according to any of the preceding 
claims, wherein said inquiry to said key authority in- 
cludes transmitting and verifying bank account da- 
ta. 

1 0. A method according to any of the preceding claims, 
wherein said key authority is a service provider. 

1 1 . A method according to any of the preceding claims, 
wherein said key authority is a call center operated 
manually or operated automatically by a voice as- 
sistant. 

12. A method according to any of the preceding claims, 
wherein said key authority is a WEB server and ac- 
cessed via a WEB page. 

1 3. A method according to any of the preceding claims, 
wherein said key authority is a WAP server and ac- 
cessed via a WAP page. 

14. A method according to any one of the preceding 
claims, wherein said different access keys enable 
limited access to single functions of said controller 
unit. 

15. A method according to any one of the preceding 
claims, wherein different keys are sorted hierarchi- 
cally according to hierarchically sorted functions of 
said controller unit. 

16. A method according to any one of the preceding 
claims, wherein a device identification is co-coded 
in said access key. 

17. A method according to any one of the preceding 
claims, wherein a period of validity of a total access 
period is co-coded in said access key 

1 8. A method according to any of the preceding claims, 
wherein a period of validity of a first access period 
is co-coded in said access key. 

19. A method according to any of the preceding claims, 
wherein a number of access procedures is co-cod- 
ed in said access key. 

20. A method according to any of the preceding claims, 
wherein a validation key is generated by the con- 
troller unit in order to compare said access key with 



said validation key during the validating step. 

21 . A method according to any of the preceding claims, 
wherein a reference key is transmitted directly from 

5 said key authority to said controller unit via an inter- 
face. 

22. A method according to claim 21, wherein said ref- 
erence key is stored in the controller unit. 



10 



23. A method according to claim 21 , wherein said ref- 
erence key is part of the data used for generating 
said validation key. 

24. A method according to any of the preceding claims, 
wherein a key is stored in the controller unit in order 
to compare said access key with said stored key. 

25. A method according to claim 23, wherein said 
stored key is part of the data used for generating 
said validation key. 

26. A method according to any of the preceding claims, 
wherein transmitting is secured using encrypted 
transmitting methods. 

27. A mobile device for usage in a method according to 
any one of the preceding claims, comprising: 

a unit for inputting inquiry data to be transmitted 
to said key authority, 

a unit for transmitting said inquiry data to said 
key authority via said wide area transmission 
network, 

a unit for receiving said access key assigned 

by said key authority and transmitted via said 

wide area transmission network according to 

any of the claims, 

a unit for storing said access key, 

a unit for transmitting said access key stored in 

the mobile device to said controller unit via said 

local area transmission network according to 

any of the claims. 

28. A mobile device according to claim 27, comprising 
additionally a unit for receiving information concern- 
ing the validity of said access key. 



29. A mobile device according to claim 27 or 28, com- 
50 prising additionally a unit for retransmitting informa- 
tion concerning operable functions which are ac- 
cessible to said user 

30. A mobile device according to any of the claims 27 
55 to 29, comprising additionally a unit for receding 

said access key. 

31 . A mobile device according to any of the claims 27 
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to 30, comprising a WEB client. 

32. A mobile device according to any of the claims 27 
to 31 , comprising a WAP client 

33. A controller unit for usage in a method according to 
any of the preceding claims and connectable to a 
user operable device, comprising: 

a unit for receiving an access key via a local 10 
area transmission network, 
a unit for validating said access key transmitted 
by said mobile device, 

means for controlling functions of said user op- 
erable device to which the access is granted by is 
the verified access key. 

34. A controller unit according to claim 33, comprising 
additionally a unit for generation of a validation key 

to be compared with said access key by the valida- so 
tion unit. 

35. A controller unit according to claim 33 or 34, com- 
prising additionally a unit for storing said access 
key. 25 

36. A controller unit according to any of the claims 33 
to 35, comprising additionally a unit for storing a key 
or several keys used for the validating step. 

30 

37. A controller unit according to any of the claims 33 
to 36, comprising additionally a unit for retransmit- 
ting information concerning the validity of said ac- 
cess key or information concerning operable func- 
tions which are accessible by said user. 35 

38. A controller unit according to any of the claims 33 
to 37, comprising additionally an interface unit. 

39. A controller unit according to claim 38, wherein said *o 
interface unit is connected to an authorized device 

or an authorized instant. 

40. A controller unit according to claim 38 or 39, where- 
in said interface unit is connected via a transmission 45 
network. 

41 . A controller unit according to claim 40, wherein said 
transmission network is a wide area transmission 
network. so 

42. A controller unit according to claim 40, wherein said 
transmission network is a local area transmission 
network. 

55 
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